In the third level of Stripe's CTF, participants were tasked with building a
proxy to defend a couple of backend servers against a DDoS attack. The proxy
needed to do the following:

- distribute requests across a number of backend servers
- reject requests from attackers

Here is an easy solution: track the number of requests coming from each IP
address and, with each request, update the mean and standard deviation of
those counts. Then, assuming a normal distribution, calculate the z-score for
each IP address. If the z-score is larger than some tolerance figure, block
the IP address. (Determining the tolerance figure requires some
trial-and-error.)
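The z-score approach as a runnable Python example, added here and not the author's CTF solution. The class and function names, the `warmup` guard, the tolerance of 3 and the constructed traffic and addresses are all assumptions.

```python
import math
from collections import defaultdict


class ZScoreBlocker:
    """Flags IPs whose request count is a z-score outlier among all IPs seen."""

    def __init__(self, tolerance=3.0, warmup=200):
        self.tolerance = tolerance      # z-score cutoff, found by trial and error
        self.warmup = warmup            # assumption: no verdicts before this many requests
        self.counts = defaultdict(int)  # requests seen per IP
        self.total = 0                  # sum of all per-IP counts
        self.total_sq = 0               # sum of squared per-IP counts
        self.blocked = set()

    def zscore(self, ip):
        n = len(self.counts) or 1       # avoid dividing by zero before any traffic
        mean = self.total / n
        std = math.sqrt(max(self.total_sq / n - mean * mean, 0.0))
        return (self.counts.get(ip, 0) - mean) / std if std else 0.0

    def allow(self, ip):
        """Count one request from ip; return False if it is or becomes blocked."""
        if ip in self.blocked:
            return False
        c = self.counts[ip]
        self.counts[ip] = c + 1
        self.total += 1
        self.total_sq += 2 * c + 1      # (c + 1)^2 - c^2, so each update is O(1)
        if self.total >= self.warmup and self.zscore(ip) > self.tolerance:
            self.blocked.add(ip)
            return False
        return True


def demo():
    """Constructed traffic: 20 clients at 8, 10 or 12 requests, then one flood."""
    fw = ZScoreBlocker()
    clients = [f"10.0.0.{i + 1}" for i in range(20)]
    for i, ip in enumerate(clients):
        for _ in range((8, 10, 12)[i % 3]):
            fw.allow(ip)
    flood = [fw.allow("203.0.113.9") for _ in range(100)]
    after = [fw.allow(ip) for ip in clients]   # clients keep sending afterwards
    return fw, sum(flood), all(after)


if __name__ == "__main__":
    print(demo()[1:])   # (flood requests let through, all clients still allowed)
```

In this constructed run the flooding address gets 16 requests through before its z-score passes 3, and no client is blocked. A population z-score among n addresses never exceeds sqrt(n - 1), so a tolerance of 3 cannot fire until at least eleven addresses have been seen, and with near-uniform traffic a single extra request can push an ordinary client over the cutoff, which is what the warm-up guard and the trial-and-error tuning are for.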

Here is a cooler solution: download and build nginx, and use it to forward
requests to the backend servers. Finally, adjust the parameters in the nginx
configuration, using the limit_req module to handle bursts and block elephants.